News

Agent Tesla https://isc.sans.edu/forums/diary/Agent+Tesla+Trojan+Abusing+Corporate+Email+Accounts/25336/ Apple Updates https://support.apple.com/en-us/HT201222 https://developer.apple.com/documentation/safari_release_notes/safari_13_release_notes SAMBA 4.11 Released https://www.samba.org/samba/history/samba-4.11.0.html GitHub Security Updates https://github.blog/2019-09-18-securing-software-together/

Ben and Scott sit down with David Callaghan, Head of Business Change at FITTS, to talk about Adoption Change Management (or ACM) for Microsoft 365.

Analyzing a Current Emotet Sample https://isc.sans.edu/forums/diary/Emotet+malspam+is+back/25330/ Windows Defender "Scan Now" Failed Bug Fix https://www.bleepingcomputer.com/news/microsoft/windows-defender-antivirus-scans-broken-after-new-update/ https://borncity.com/win/2019/09/18/defender-antimalware-version-4-18-1908-7-released/ QEMU Vulnerablity https://www.openwall.com/lists/oss-security/2019/09/17/1 VMWare Vulnerabilty https://blogs.vmware.com/security/2019/09/amd-display-driver-security-updates-address-cve-2019-5685.html New CWE Top 25 Released https://cwe.mitre.org/top25/archive/2019/2019_cwe_top25.html

@PhilTheFilipino is here to discuss all things Jurassic this week! He gives his thoughts on the brand new short film, Battle At Big Rock, that dropped over the weekend. What does this mean for the future of the franchise and is it worth your time? He also discusses Jurassic World Evolution's Read More

Investigating Gaps in Windows Event Logs https://isc.sans.edu/forums/diary/Investigating+Gaps+in+your+Windows+Event+Logs/25328/ SOHOpelesly Broken 2 https://www.securityevaluators.com/whitepaper/sohopelessly-broken-2/ HP Printer Privacy https://robertheaton.com/2019/09/15/hp-printers-send-data-on-what-you-print-back-to-hp/

Encrypted Sextortion https://isc.sans.edu/forums/diary/Encrypted+Sextortion+PDFs/25324/ SimJacker https://www.adaptivemobile.com/blog/simjacker-next-generation-spying-over-mobile LastPass Password Leak https://bugs.chromium.org/p/project-zero/issues/detail?id=1930 Microsoft Extends EoL For Exchange Server 2010 https://techcommunity.microsoft.com/t5/Exchange-Team-Blog/Microsoft-Extending-End-of-Support-for-Exchange-Server-2010-to/ba-p/753591

Rig Exploit Kit Delivering VBScript https://isc.sans.edu/forums/diary/Rig+Exploit+Kit+Delivering+VBScript/25318/ Pentesters Arrested During Physical Access Pentest https://arstechnica.com/information-technology/2019/09/check-the-scope-pen-testers-nabbed-jailed-in-iowa-courthouse-break-in-attempt/ iOS Lock Screen Unlock Vulnerability https://www.theregister.co.uk/2019/09/12/apples_ios_lock_workaround/

We discuss Logitech's latest MX Master mouse and discuss some of the drivers for upgrading legacy workloads and operating systems on-premises and in Microsoft Azure.

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+September+2019+Patch+Tuesday/25310/ Adobe Patches https://helpx.adobe.com/security.html Intel SSH Side Channel Vulnerability https://www.vusec.net/projects/netcat/ https://www.cs.vu.nl/~herbertb/download/papers/netcat_sp20.pdf

Firefox to Enable DNS over HTTPs by Default in September https://blog.mozilla.org/futurereleases/2019/09/06/whats-next-in-making-dns-over-https-the-default/ Telegram Fixes Privacy Bug https://www.inputzero.io/2019/09/telegram-privacy-fails-again.html PsiXBot Uses DoH https://www.proofpoint.com/us/threat-insight/post/psixbot-now-using-google-dns-over-https-and-possible-new-sexploitation-module

Unidentified Scanning Activity Likely Associated with Mirai/Successors https://isc.sans.edu/forums/diary/Unidentified+Scanning+Activity/25304/ Bluekeep Exploit Now in Metasploit https://blog.rapid7.com/2019/09/06/initial-metasploit-exploit-module-for-bluekeep-cve-2019-0708/ How to Remove GMail Calendar Spam https://support.google.com/calendar/answer/6084018?co=GENIE.Platform%3DDesktop&hl=en Exim SNI TLS Vulnerability https://exim.org/static/doc/security/CVE-2019-15846.txt

In Episode 141, Ben and Scott discuss some of the new features coming to Intune for iOS 13 and macOS Catalina with their upcoming releases this fall. Then they talk about some of the latest announcements around Microsoft Azure including the announced new regions in Switzerland and some of the Read More

Tricky Link Retrieves Trick Bot https://isc.sans.edu/forums/diary/Guest+Diary+Tricky+LNK+points+to+TrickBot/25290/ Supermicro Virtual USB Vulnerability https://eclypsium.com/2019/09/03/usbanywhere-bmc-vulnerability-opens-servers-to-remote-attack/ Facebook Free Basics Key Used to Sign Unrelated Android Apps https://www.androidpolice.com/2019/08/29/cryptographic-key-used-to-sign-one-of-facebooks-android-apps-compromised/

Malware Installs Node.js https://isc.sans.edu/forums/diary/Malware+Dropping+a+Local+Nodejs+Instance/25284/ Dovecot and PigeonHole Vulnerability https://www.openwall.com/lists/oss-security/2019/08/28/3 Cloudflare Workers Spreading Malware https://medium.com/@marcelx/threat-actor-behind-astaroth-is-now-using-cloudflare-workers-to-bypass-your-security-solutions-2c658d08f4c

iOS Exploits in the Wild https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html Twitter CEO's Twitter Account Hijacked https://twitter.com/TwitterComms/status/1167528672523210752

Malware Samples Compiling Their Next Stage On PremiseMalware Compiling Itself; https://isc.sans.edu/forums/diary/Malware+Samples+Compiling+Their+Next+Stage+on+Premise/25278/ CERT-Bund Attempts to Notify Users of Vulnerable Home Automation Systems https://www.heise.de/security/meldung/CERT-Bund-warnt-vor-offenen-Smarthome-Systemen-4509977.html French Authorities Shut Down Coinminer Botnet https://decoded.avast.io/janvojtesek/putting-an-end-to-retadup-a-malicious-worm-that-infected-hundreds-of-thousands/

The impacts of moving from Skype for Business to Microsoft Teams outside of enabling licenses and training your users.

Open Redirects: A Small But Very Common Vulnerability https://isc.sans.edu/forums/diary/Guest+Diary+Open+Redirect+A+Small+But+Very+Common+Vulnerability/25276/ CamScanner Malicious Download Component https://securelist.com/dropper-in-google-play/92496/ Ares ADB Botnet https://www.wootcloud.com/blogs/ars_botnet.html Cisco REST API Container for IOS XE Authentication Bypass https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass

@PhilTheFilipino has seen the animated film for his favorite 90's Nickelodeon show - Rocko's Modern Life - and shares his thoughts on this Wait For It Wednesday review of the Netflix movie.Also, be sure to follow us on ALLLLLLL of our social media platforms below:Facebook: www.facebook.com/WaitForItPodcastTwitter: twitter.com/WaitForItPodInstagram: www.instagram.com/waitforitpodcastSoundCloud: bit.ly/WFI-SCSpotify: bit.ly/WFI-SPiTunes: Read More

Is it "Safe" To Require TLS 1.2 for Email https://isc.sans.edu/forums/diary/Is+it+Safe+to+Require+TLS+12+for+EMail/25270/ Android Trojan Infects Tens of Thousands of Devices in 4 Months https://www.bleepingcomputer.com/news/security/android-trojan-infects-tens-of-thousands-of-devices-in-4-months/ LYCEUM Threat Group Targeting Middle East https://www.secureworks.com/blog/lyceum-takes-center-stage-in-middle-east-campaign